Aggregator

A vulnerability was found in Dark Age CMS 0.2c. It has been classified as critical. Affected is an unknown function of the file login.php of the component Login. The manipulation leads to sql injection. This vulnerability is traded as CVE-2009-0326. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

以互联网为主导的数字媒介正以前所未有的力度扩展其影响力边界，深度重构着人类认知世界的叙事方式。马德里卡洛斯三世大学（UC3M）的最新研究表明，这种变革已超越传统媒体范畴，形成了一种从私人领域到公共政治、文化、艺术等各个层面的"话语准垄断"现象。传播系教授皮拉尔·卡雷拉 (Pilar Carrera)教授强调，互联网作为大众媒介正在消解民主社会必需的多元话语竞争机制，取而代之的是以"技术赋权"为包装的新型控制体系。研究表明，资本、权力与大众媒体逻辑已形成闭环式的相互强化机制，其社会影响不容忽视。卡雷拉教授特别强调，必须严格区分技术工具与媒体运作逻辑——这一关键区隔在当前讨论中经常被模糊化。"我们探讨的绝非技术本身优劣，更不是要重拾反技术进步的卢德主义。"卡雷拉指出，"所谓'技术白板论'和'去中介化神话'本质上都是认知陷阱，它们成功转移了公众对互联网实际控制结构的注意力。"研究揭示，尽管网络空间常被塑造成自由开放的形象，但其运作的每个环节都暗含精心的规划与控制。"当下主流AI论述充斥着技术神秘主义与决定论的杂糅，简直堪称数字时代的电子占星术。"卡雷拉教授评论道，"当媒体开始用塔罗牌式的语言讨论技术时，我们就该警惕其背后的权力运作。"

Cybersecurity researchers have discovered an updated version of a malware loader called Hijack Loader that implements new features to evade detection and establish persistence on compromised systems. "Hijack Loader released a new module that implements call stack spoofing to hide the origin of function calls (e.g., API and system calls)," Zscaler ThreatLabz researcher Muhammed Irfan V A said in

A vulnerability was found in Xiaomi Pro 13 and classified as problematic. This issue affects some unknown processing of the component Mimarket. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-4405. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WP Video Lightbox Plugin up to 1.9.10 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument width leads to cross site scripting. This vulnerability is known as CVE-2024-4324. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in 3D FlipBook Plugin up to 1.15.4 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Bookmark URL Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-3883. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in LA-Studio Element Kit for Elementor Plugin up to 1.3.7.5 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component LaStudioKit Post Author Widget. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-3005. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Button Generator Plugin up to 2.x on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-3471. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

CISA警告：Apache Tomcat路径漏洞遭活跃利用，可致RCE！

Log4j WAF Bypass 技巧详细分析+总结

A vulnerability was found in Coffee Code Tech Plugin Oficial up to 1.7.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-30906. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in SlicedInvoices Sliced Invoices Plugin up to 3.9.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-31628. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Sabuj Kundu CBX Poll Plugin up to 1.2.7 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-31612. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WPglob Auto Scroll for Reading Plugin up to 1.1.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-31594. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Wisdomlogix Solutions Fonts Manager Plugin up to 1.2 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-31578. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Cynob IT Consultancy Logo Slider Plugin up to 1.0.0 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-31571. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in wiredmindshelp LeadLab Plugin up to 1.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-31568. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Vimal Kava AI Search Bar Plugin up to 1.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-31563. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in M. Tuhin Ultimate Push Notifications Plugin up to 1.1.8 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-31548. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in madfishdigital Bulk NoIndex & NoFollow Toolkit Plugin up to 2.16 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-31537. The attack may be initiated remotely. There is no exploit available.